CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0CVE-2016-5706
https://notcve.org/view.php?id=CVE-2016-5706
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. js/get_scripts.js.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos provocar una denegación de servicio a través de una gran variedad en el parámetro de secuencias de comandos. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html http://www.debian.org/security/2016/dsa-3627 http://www.securityfocus.com/bid/91376 https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-22 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5730
https://notcve.org/view.php?id=CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos obtener información sensible a través de vectores relacionados con (1) un valor de matriz para FormDisplay.php, (2) datos incorrectos para validate.php, (3) datos no esperados para Validator.php, (4) falta de directorio de configuración durante la instalación o (5) un identificador de tipo de datos OpenID incorrecto, lo que revela la ruta completa en un mensaje de error. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html http://www.securityfocus.com/bid/91379 https://github.com/phpmyadmin/phpmyadmin/commit/27664605b945b13e1d2b71adea822ace2099cc96 https://github.com/phpmyadmin/phpmyadmin/commit/331c560fbfa0e7d2dce674b5e88e983c5f2a451d https://github.com/phpmyadmin/phpmyadmin/commit/96e0aa35653ec0c66084a7e9343465e16c1f769b https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7 https://github.com/phpmyadmin/phpmyad • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5731
https://notcve.org/view.php?id=CVE-2016-5731
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. Vulnerabilidad de XSS en examples/openid.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar comandos de secuencias web o HTML arbitrarios a través de vectores relacionados con un error de mensaje OpenID. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html http://www.debian.org/security/2016/dsa-3627 https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5732
https://notcve.org/view.php?id=CVE-2016-5732
Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. Múltiples vulnerabilidades de XSS en la implementación de partition-range en templates/table/structure/display_partitions.phtml en la página table-structure en phpMyAdmin 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una tabla de parámetros manipulada. • https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5 https://github.com/phpmyadmin/phpmyadmin/commit/792cd1262f012b9b13639519d414f2acaeb5e972 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5733
https://notcve.org/view.php?id=CVE-2016-5733
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con (1)un nombre de tabla manipulado que es manejado incorrectamente durante la comprobación de privilegios en table_row.phtml, (2) una directiva mysqld log_bin manipulada que es manejada incorrectamente en log_selector.phtml, (3) la implementación de Transformation, (4) manejo del error AJAX en js/ajax.js, (5) la implementación de Designer, (6) la implementación de gráficos en js/tbl_chart.js o (7) la implementación de búsqueda de zoom en rows_zoom.phtml. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html http://www.debian.org/security/2016/dsa-3627 http://www.securityfocus.com/bid/91390 https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5 https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •